Networks facing no shortage of security risks, Cisco survey says

Anyone who thinks their company’s network is secure is living in a fool’s paradise, according to networking giant Cisco. In its 2014 mid-year security report, it noted that every corporate network surveyed showed evidence of some sort of malicious traffic.

Cisco, whose security arm provides products and services to help prevent, detect, and block threats, released the report at the Black Hat security conference in Las Vegas last week.

It’s not a pretty picture. Almost 95% of the sixteen multinational customer networks surveyed were identified as sending and receiving traffic from websites that are either infected with, or host, three kinds of high-threat malware: Palevo, Zeus, and SpyEye. The enterprises surveyed represent collective revenue of US$300-billion and control US$4-trillion in assets. The report notes that the malware discovered is used to perform distributed denial of service (DDoS) attacks, and to steal information by creating additional fields on existing forms, in real-time, and retrieving the data.

In addition, almost half of the customer networks issued DNS requests for sites that provide some sort of encrypted service. On the surface, this would not appear to be a problem, until we realize that cyber-criminals often encrypt the data they steal before sending it to their sites so the theft won’t be detected by a company’s safeguards. While use of these services is not an absolute indicator that there is mischief afoot, it should raise flags and trigger validation of the communications.


The report also says that nearly 70% of the networks issued Dynamic DNS (DDNS) queries. Dynamic DNS lets a domain (e.g., google.com) change its numeric address on the fly and still be locatable by name, and is widely used by malware’s command and control sites to hide themselves from authorities. DDNS, says the report, is rarely used for legitimate outbound connections in enterprises, so its use on a network is another red flag for security administrators.
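As an added illustration of the DDNS red flag described above (example code written for this article, not part of the Cisco report), the following script flags queries to dynamic DNS zones in a resolver query log. The zone watchlist, the BIND-style log format and the sample lines are all assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumed watchlist of dynamic DNS provider zones (not taken from the report;
# extend it with the providers that matter in your environment).
DDNS_ZONES = ("no-ip.com", "ddns.net", "dyndns.org", "duckdns.org", "changeip.com")

# Constructed sample lines in a BIND-style query-log format (not real traffic).
SAMPLE_LOG = """\
01-Aug-2014 09:12:01.123 client 10.0.4.21#51234: query: www.example.com IN A +
01-Aug-2014 09:12:03.456 client 10.0.4.21#51235: query: updates.corp.example IN A +
01-Aug-2014 09:12:07.789 client 10.0.7.88#40022: query: laptop42.ddns.net IN A +
01-Aug-2014 09:12:09.001 client 10.0.7.88#40023: query: mirror.notno-ip.com IN A +
01-Aug-2014 09:12:11.222 client 10.0.7.88#40024: query: Update.No-IP.com. IN A +
"""

_QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN ")

def in_ddns_zone(qname, zones=DDNS_ZONES):
    """True if qname equals, or is a label-aligned subdomain of, a watched zone.

    Matching is case-insensitive and tolerates a trailing dot; a label-aligned
    check prevents 'notno-ip.com' from matching the 'no-ip.com' zone.
    """
    name = qname.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in zones)

def flag_ddns_queries(log_text, zones=DDNS_ZONES):
    """Return (source_ip, qname) for every query that falls inside a watched DDNS zone."""
    hits = []
    for line in log_text.splitlines():
        m = _QUERY_RE.search(line)
        if m and in_ddns_zone(m.group("qname"), zones):
            hits.append((m.group("src"), m.group("qname").rstrip(".")))
    return hits

def hosts_by_hit_count(hits):
    """Aggregate flagged queries per source host so the noisiest hosts surface first."""
    return Counter(src for src, _ in hits).most_common()

if __name__ == "__main__":
    flagged = flag_ddns_queries(SAMPLE_LOG)
    for src, qname in flagged:
        print(f"DDNS query from {src}: {qname}")
    print(hosts_by_hit_count(flagged))
```

A hit is a trigger for validation of the host's traffic, not proof of compromise, in line with the report's own caveat about encrypted services.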

Network infrastructure isn’t the only vulnerable spot highlighted in the report. Software still has its place in the criminal’s bag of tricks. The biggest culprit, it says, is Java, with 93% of detected exploits being Java-based Indications of Compromise (IOCs) — events or artifacts observed on a system, often subtle, that, when correlated with other IOCs for a system, point to a likely compromise. This may change since the current version, Java 8, offers better security controls than older versions. The report suggests that as a result, we may see a shift by criminals to other programs that are easier to attack. This, of course, assumes that companies keep their Java up-to-date.

One small positive in the report is that the number of exploit kits (roll-your-own malware development kits marketed by the criminal community to its peers) has shrunk by 87% since the person believed to have created one of the most popular kits was arrested last year. Cisco researchers noted that while several new kits showed up in the first half of this year, trying to fill the gap, no clear leader has yet emerged.

Another positive factor of sorts to consider is that, although 2,528 security alerts about new vulnerabilities were published between January 1 and June 30, 2014, only 28 were being actively exploited soon after the reports were published. Cisco advises companies to concentrate on those active exploits immediately, relegating the rest to more routine patching processes. However, it pointed out, “Strong security intelligence to identify high-urgency vulnerabilities is necessary to maintain a high urgency patching process effectively.”

The key message in the report, however, is one that every security professional and vendor has been promoting for years: companies must operationalize security, before it’s too late. “The decision to view security as a business process often stems out of broader business initiatives designed to improve governance, risk, and compliance (GRC) throughout the organization,” it said. “Many businesses find, often too late, that when it comes to IT security, being compliant is not enough.”
